CVE-2025-27220: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

4.0 CVSS

Description

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.0

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

Vendor: ruby-lang

Product: CGI

EPSS Score: 0.13% (probability of being exploited)

EPSS Percentile: 29.77% (scored less or equal to compared to others)

EPSS Date: 2025-04-01 (when was this score calculated)

2025-03-03 23:15:29 UTC
Github Advisory Database (RubyGems)

[cgi] CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement
2025-03-04 00:40:18 UTC
CVE

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
2025-04-20 16:00:47 UTC
Tenable Plugins

Azure Linux 3.0 Security Update: ruby (CVE-2025-27220)